[sacm] New version of SWIMA - draft-ietf-sacm-nea-swid-patnc-01

"Schmidt, Charles M." <cmschmidt@mitre.org> Thu, 16 March 2017 18:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/h6FGRfFdS3TOPDeK97KfwlUJtco>

Hi all,

A new version of SWIMA has been uploaded to the IETF document repository (https://datatracker.ietf.org/doc/draft-ietf-sacm-nea-swid-patnc/) and to the GitHub repo (https://github.com/sacmwg/software-identification). This new draft includes some rearrangement to make it easier to read and a bit shorter (thanks Dave Waltermire). I believe this version now addresses all issues currently listed in GitHub.

The biggest change between the -00 and -01 versions is in the source identification mechanisms. The Source First Use flag was removed from all messages per the suggestions at the virtual interim call. I have also added two new attributes: Source Metadata Request and Source Metadata Response. These are used to convey information about the various sources a SW-PC uses. These attributes are described in sections 5.14 and 5.15. The section on Source Identifiers (section 3.4.5) has been expanded to provide more guidance on source handling and tracking. This addresses open issue #1 in GitHub.

All of the other issues were addressed in the -00 version. No concerns were raised about the approaches used there either at the last virtual interim call or in response to the request for feedback on the mailing list. For simplicity, I'm adding the list of issues addressed in the -00 version along with how they were addressed and where.

Issue #3: Include installation location - Section 3.4.4 describes how software location information is captured when reporting records, and all attributes that deliver records have new fields used to indicate the software location.
Issue #4: Support of user/vendor-defined data models - The data model is indicated with a combination of PEN and data model type identifier. Each vendor can use their PEN to define their own namespace of data model type identifier values. The spec also reserves all values greater than or equal to 192 in the IANA PEN (0) as definable by the local enterprise. Section 3.2 discusses data models in more detail, section 3.4.2 describes how data model information is captured in records, and all attributes conveying software data records have fields to capture this. In addition, section 10.4 describes the IANA registry for Software Data Models.
Issue #5: Clarify that SWIMA servers (specifically SW-PVs) MUST accept all data models - This is included in section 3.2.
Issue #6: MTI Data Models - Also addressed in section 3.2. Requirement is to support (i.e., be able to generate Software Identifiers for) the formats specified in section 5 of the spec. Currently, those are SWID 2015 in XML and SWID 2009 in XML. No other formats have been suggested.

Please take a look at this new version and send any feedback to the list.

Thanks,
Charles